Cross-origin requests

In this section of the book, we’re going to switch to a completely new topic and update our application so that it supports cross-origin requests (CORS) from JavaScript.

You’ll learn:

• What cross-origin requests are, and why web browsers prevent them by default.
• The difference between simple and preflight cross-origin requests.
• How to use Access-Control headers to allow or disallow specific cross-origin requests.
• About the security considerations you need to be aware of when configuring CORS settings in your application.